Identifying Signs of Runtime-Linking and Building Context for API Hashes in Lockbit Malware - Part 3

Dr Josh Stroschein via YouTube

Overview

Explore the intricacies of Lockbit's runtime linking techniques in this 16-minute video tutorial. Delve into how the malware dynamically builds its import table, a crucial aspect of reverse engineering. Uncover the use of precomputed values instead of strings as an additional layer of obfuscation. Learn to identify signs of runtime linking, understand the purpose of precomputed hashes/checksums, and build context around API importation. Dive deeper into the malware's structure, examining its use of recursion for dynamic API resolution. Conclude with a practical demonstration of stepping through the code in a debugger, enhancing your malware analysis skills.

Syllabus

Finding evidence of runtime linking
Precomputed hashes/checksums and what they are used for
Building context around how APIs will be imported
Another layer deeper
Using recursion to dynamically resolve APIs
Stepping through the code in a debugger

Taught by

Dr Josh Stroschein
